xwayland-24.1.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15904 Final 1 1 2025-02-26T00:00:00Z current 2025-02-26T00:00:00Z 2025-02-26T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xwayland-24.1.5-2.1 on GA media These are all security issues fixed in the xwayland-24.1.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15904 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-26594/ SUSE CVE CVE-2025-26594 page https://www.suse.com/security/cve/CVE-2025-26595/ SUSE CVE CVE-2025-26595 page https://www.suse.com/security/cve/CVE-2025-26596/ SUSE CVE CVE-2025-26596 page https://www.suse.com/security/cve/CVE-2025-26597/ SUSE CVE CVE-2025-26597 page https://www.suse.com/security/cve/CVE-2025-26598/ SUSE CVE CVE-2025-26598 page https://www.suse.com/security/cve/CVE-2025-26599/ SUSE CVE CVE-2025-26599 page https://www.suse.com/security/cve/CVE-2025-26600/ SUSE CVE CVE-2025-26600 page https://www.suse.com/security/cve/CVE-2025-26601/ SUSE CVE CVE-2025-26601 page openSUSE Tumbleweed xwayland-24.1.5-2.1 xwayland-devel-24.1.5-2.1 xwayland-24.1.5-2.1 as a component of openSUSE Tumbleweed xwayland-devel-24.1.5-2.1 as a component of openSUSE Tumbleweed A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. CVE-2025-26594 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26594.html CVE-2025-26594 https://bugzilla.suse.com/1237427 SUSE Bug 1237427 A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. CVE-2025-26595 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26595.html CVE-2025-26595 https://bugzilla.suse.com/1237429 SUSE Bug 1237429 A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow. CVE-2025-26596 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26596.html CVE-2025-26596 https://bugzilla.suse.com/1237430 SUSE Bug 1237430 A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size. CVE-2025-26597 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26597.html CVE-2025-26597 https://bugzilla.suse.com/1237431 SUSE Bug 1237431 An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. CVE-2025-26598 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26598.html CVE-2025-26598 https://bugzilla.suse.com/1237432 SUSE Bug 1237432 An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. CVE-2025-26599 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26599.html CVE-2025-26599 https://bugzilla.suse.com/1237433 SUSE Bug 1237433 A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. CVE-2025-26600 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26600.html CVE-2025-26600 https://bugzilla.suse.com/1237434 SUSE Bug 1237434 A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. CVE-2025-26601 openSUSE Tumbleweed:xwayland-24.1.5-2.1 openSUSE Tumbleweed:xwayland-devel-24.1.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26601.html CVE-2025-26601 https://bugzilla.suse.com/1237435 SUSE Bug 1237435